Fetching binary attributes via authentication
19 views
Skip to first unread message
Misagh
Nov 14, 2018, 3:20:49 PM11/14/18
to ldap...@googlegroups.com
Currently running v1.2.3; I don't see a way for Ldaptive authentication to fetch binary attributes. I see the Authenticator specifies the list of return-attributes which are then used ultimately by some entry resolver. The SearchRequest that is created by resolvers does not receive the binary attributes specified from the criteria, because the criteria only carries return-attributes and not binary attributes.
Does that analysis make sense? Outside of extending PooledSearchEntryResolver, are there better options for fetching binary attributes during authN? how does Ldaptive determine if an attribute is binary?
- Misagh
Daniel Fisher
Nov 19, 2018, 9:42:32 AM11/19/18
to ldap...@googlegroups.com
Yes. I believe this is a gap in the API. The fact that it has existed this long seems to indicate most don't need binary attributes as part of auth/auth.
Outside of extending PooledSearchEntryResolver, are there better options for fetching binary attributes during authN?
The best way currently would be to add a custom EntryHandler for the attribute.
You can see an example of this here:
There are also some extension points that would work, but this is the cleanest solution until the library is patched.
how does Ldaptive determine if an attribute is binary?
It is declarative, so by default all values are UTF-8 encoded strings unless you say otherwise.
That's a feature I'm reexamining for v2.
It could go away entirely and the library would leverage the LDIF definition of base64 encoding to determine whether a value is "binary".
If you have an opinion or preference please let me know.
--Daniel Fisher
Misagh
Nov 27, 2018, 9:45:03 PM11/27/18
to ldap...@googlegroups.com
The best way currently would be to add a custom EntryHandler for the attribute.You can see an example of this here:There are also some extension points that would work, but this is the cleanest solution until the library is patched.
Thanks. That's basically what I am doing at the moment.
how does Ldaptive determine if an attribute is binary?It is declarative, so by default all values are UTF-8 encoded strings unless you say otherwise.That's a feature I'm reexamining for v2.
What's puzzling to me is that if I simply fetch a binary attribute, "jpegPhoto", without actually tagging or declaring it as binary and try to retrieve it normally as part of authentication, I can see that the attribute is marked as binary when I call isBinary(). Any thoughts on how this might be happening?
It could go away entirely and the library would leverage the LDIF definition of base64 encoding to determine whether a value is "binary".If you have an opinion or preference please let me know.
It would be best to auto-configure the definition basedon LDIF, while allowing for declaratives overrides. This is a combination of the two, where I only end up doing the work if I absolutely have to.
Daniel Fisher
Nov 30, 2018, 10:58:46 PM11/30/18
to ldap...@googlegroups.com
On Tue, Nov 27, 2018 at 9:45 PM Misagh <misagh....@gmail.com> wrote:
What's puzzling to me is that if I simply fetch a binary attribute, "jpegPhoto", without actually tagging or declaring it as binary and try to retrieve it normally as part of authentication, I can see that the attribute is marked as binary when I call isBinary(). Any thoughts on how this might be happening?
If you're using the JNDI provider, it makes some attributes binary by default.
--Daniel Fisher
Misagh
Dec 5, 2018, 12:39:24 PM12/5/18
to ldap...@googlegroups.com
If you're using the JNDI provider, it makes some attributes binary by default.
Got it. Thanks for the reference.
Reply all
Reply to author
Forward
0 new messages